Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 09 Jun 2026 09:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Adguard
Adguard adguardhome |
|
| Vendors & Products |
Adguard
Adguard adguardhome |
Mon, 08 Jun 2026 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 08 Jun 2026 17:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequence in the Admin-Token cookie, exploiting unsanitized string concatenation in the token file path construction within the authglinet middleware. Attackers can craft a request with a traversal payload in the Admin-Token header to redirect file reads to arbitrary paths. | |
| Title | AdGuard Home Authentication Bypass via Path Traversal in Admin-Token Cookie | |
| Weaknesses | CWE-22 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-06-08T17:55:39.024Z
Reserved: 2026-04-20T16:07:47.309Z
Link: CVE-2026-41448
Updated: 2026-06-08T17:55:24.702Z
Status : Deferred
Published: 2026-06-08T17:16:42.847
Modified: 2026-06-09T13:51:18.770
Link: CVE-2026-41448
No data.
OpenCVE Enrichment
Updated: 2026-06-09T08:45:37Z